Code Editor
Web Browser

Nice work! You've added columns to the users table and ran a migration to update the database.

What's the password_digest column for? When a user submits her password, it's not a good idea to store that password as is in the database; if an attacker somehow gets into your database, he would be able to see all your users' passwords.

One way to defend against this is to store passwords as encrypted strings in the database. This is what the has_secure_password method helps with - it uses the bcrypt algorithm to securely hash a user's password, which then gets saved in the password_digest column.

Then when a user logs in again, has_secure_password will collect the password that was submitted, hash it with bcrypt, and check if it matches the hash in the database.

Report a Bug
If you see a bug or any other issue with this page, please report it here.